ia64/xen-unstable
changeset 7809:bdf1a8039d13
Failure to revalidate a writable pagetable page should crash
the offending domain, not merely pause it. Also, callers can
now specify another domain to domain_crash().
Signed-off-by: Keir Fraser <keir@xensource.com>
the offending domain, not merely pause it. Also, callers can
now specify another domain to domain_crash().
Signed-off-by: Keir Fraser <keir@xensource.com>
| author | kaf24@firebug.cl.cam.ac.uk |
|---|---|
| date | Mon Nov 14 15:21:16 2005 +0100 (2005-11-14) |
| parents | 6d981d34cf52 |
| children | 090e44133d40 |
| files | xen/arch/x86/domain.c xen/arch/x86/mm.c xen/arch/x86/shadow_public.c xen/arch/x86/vmx.c xen/arch/x86/vmx_vmcs.c xen/common/domain.c xen/common/schedule.c xen/include/asm-ia64/vmx_vpd.h xen/include/xen/sched.h |
line diff
1.1 --- a/xen/arch/x86/domain.c Mon Nov 14 12:28:47 2005 +0100 1.2 +++ b/xen/arch/x86/domain.c Mon Nov 14 15:21:16 2005 +0100 1.3 @@ -578,7 +578,7 @@ static void load_segments(struct vcpu *n 1.4 put_user(regs->rcx, rsp-11) ) 1.5 { 1.6 DPRINTK("Error while creating failsafe callback frame.\n"); 1.7 - domain_crash(); 1.8 + domain_crash(n->domain); 1.9 } 1.10 1.11 regs->entry_vector = TRAP_syscall;
2.1 --- a/xen/arch/x86/mm.c Mon Nov 14 12:28:47 2005 +0100 2.2 +++ b/xen/arch/x86/mm.c Mon Nov 14 15:21:16 2005 +0100 2.3 @@ -2529,7 +2529,7 @@ int do_update_va_mapping(unsigned long v 2.4 * not enough information in just a gpte to figure out how to 2.5 * (re-)shadow this entry. 2.6 */ 2.7 - domain_crash(); 2.8 + domain_crash(d); 2.9 } 2.10 2.11 rc = shadow_do_update_va_mapping(va, val, v); 2.12 @@ -2918,7 +2918,6 @@ int revalidate_l1( 2.13 { 2.14 l1_pgentry_t ol1e, nl1e; 2.15 int modified = 0, i; 2.16 - struct vcpu *v; 2.17 2.18 for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ ) 2.19 { 2.20 @@ -2944,7 +2943,6 @@ int revalidate_l1( 2.21 2.22 if ( unlikely(!get_page_from_l1e(nl1e, d)) ) 2.23 { 2.24 - MEM_LOG("ptwr: Could not re-validate l1 page"); 2.25 /* 2.26 * Make the remaining p.t's consistent before crashing, so the 2.27 * reference counts are correct. 2.28 @@ -2953,9 +2951,8 @@ int revalidate_l1( 2.29 (L1_PAGETABLE_ENTRIES - i) * sizeof(l1_pgentry_t)); 2.30 2.31 /* Crash the offending domain. */ 2.32 - set_bit(_DOMF_ctrl_pause, &d->domain_flags); 2.33 - for_each_vcpu ( d, v ) 2.34 - vcpu_sleep_nosync(v); 2.35 + MEM_LOG("ptwr: Could not revalidate l1 page"); 2.36 + domain_crash(d); 2.37 break; 2.38 } 2.39 2.40 @@ -3348,7 +3345,7 @@ int ptwr_do_page_fault(struct domain *d, 2.41 /* Toss the writable pagetable state and crash. */ 2.42 unmap_domain_page(d->arch.ptwr[which].pl1e); 2.43 d->arch.ptwr[which].l1va = 0; 2.44 - domain_crash(); 2.45 + domain_crash(d); 2.46 return 0; 2.47 } 2.48
3.1 --- a/xen/arch/x86/shadow_public.c Mon Nov 14 12:28:47 2005 +0100 3.2 +++ b/xen/arch/x86/shadow_public.c Mon Nov 14 15:21:16 2005 +0100 3.3 @@ -239,13 +239,13 @@ static pagetable_t page_table_convert(st 3.4 3.5 l4page = alloc_domheap_page(NULL); 3.6 if (l4page == NULL) 3.7 - domain_crash(); 3.8 + domain_crash(d); 3.9 l4 = map_domain_page(page_to_pfn(l4page)); 3.10 memset(l4, 0, PAGE_SIZE); 3.11 3.12 l3page = alloc_domheap_page(NULL); 3.13 if (l3page == NULL) 3.14 - domain_crash(); 3.15 + domain_crash(d); 3.16 l3 = map_domain_page(page_to_pfn(l3page)); 3.17 memset(l3, 0, PAGE_SIZE); 3.18
4.1 --- a/xen/arch/x86/vmx.c Mon Nov 14 12:28:47 2005 +0100 4.2 +++ b/xen/arch/x86/vmx.c Mon Nov 14 15:21:16 2005 +0100 4.3 @@ -191,12 +191,12 @@ static inline int long_mode_do_msr_read( 4.4 case MSR_FS_BASE: 4.5 if (!(VMX_LONG_GUEST(vc))) 4.6 /* XXX should it be GP fault */ 4.7 - domain_crash(); 4.8 + domain_crash(vc->domain); 4.9 __vmread(GUEST_FS_BASE, &msr_content); 4.10 break; 4.11 case MSR_GS_BASE: 4.12 if (!(VMX_LONG_GUEST(vc))) 4.13 - domain_crash(); 4.14 + domain_crash(vc->domain); 4.15 __vmread(GUEST_GS_BASE, &msr_content); 4.16 break; 4.17 case MSR_SHADOW_GS_BASE: 4.18 @@ -260,7 +260,7 @@ static inline int long_mode_do_msr_write 4.19 case MSR_FS_BASE: 4.20 case MSR_GS_BASE: 4.21 if (!(VMX_LONG_GUEST(vc))) 4.22 - domain_crash(); 4.23 + domain_crash(vc->domain); 4.24 if (!IS_CANO_ADDRESS(msr_content)){ 4.25 VMX_DBG_LOG(DBG_LEVEL_1, "Not cano address of msr write\n"); 4.26 vmx_inject_exception(vc, TRAP_gp_fault, 0); 4.27 @@ -273,7 +273,7 @@ static inline int long_mode_do_msr_write 4.28 4.29 case MSR_SHADOW_GS_BASE: 4.30 if (!(VMX_LONG_GUEST(vc))) 4.31 - domain_crash(); 4.32 + domain_crash(vc->domain); 4.33 vc->arch.arch_vmx.msr_content.shadow_gs = msr_content; 4.34 wrmsrl(MSR_SHADOW_GS_BASE, msr_content); 4.35 break;
5.1 --- a/xen/arch/x86/vmx_vmcs.c Mon Nov 14 12:28:47 2005 +0100 5.2 +++ b/xen/arch/x86/vmx_vmcs.c Mon Nov 14 15:21:16 2005 +0100 5.3 @@ -157,13 +157,13 @@ static void vmx_map_io_shared_page(struc 5.4 mpfn = get_mfn_from_pfn(E820_MAP_PAGE >> PAGE_SHIFT); 5.5 if (mpfn == INVALID_MFN) { 5.6 printk("Can not find E820 memory map page for VMX domain.\n"); 5.7 - domain_crash(); 5.8 + domain_crash(d); 5.9 } 5.10 5.11 p = map_domain_page(mpfn); 5.12 if (p == NULL) { 5.13 printk("Can not map E820 memory map page for VMX domain.\n"); 5.14 - domain_crash(); 5.15 + domain_crash(d); 5.16 } 5.17 5.18 e820_map_nr = *(p + E820_MAP_NR_OFFSET); 5.19 @@ -182,7 +182,7 @@ static void vmx_map_io_shared_page(struc 5.20 printk("Can not get io request shared page" 5.21 " from E820 memory map for VMX domain.\n"); 5.22 unmap_domain_page(p); 5.23 - domain_crash(); 5.24 + domain_crash(d); 5.25 } 5.26 unmap_domain_page(p); 5.27 5.28 @@ -190,13 +190,13 @@ static void vmx_map_io_shared_page(struc 5.29 mpfn = get_mfn_from_pfn(gpfn); 5.30 if (mpfn == INVALID_MFN) { 5.31 printk("Can not find io request shared page for VMX domain.\n"); 5.32 - domain_crash(); 5.33 + domain_crash(d); 5.34 } 5.35 5.36 p = map_domain_page(mpfn); 5.37 if (p == NULL) { 5.38 printk("Can not map io request shared page for VMX domain.\n"); 5.39 - domain_crash(); 5.40 + domain_crash(d); 5.41 } 5.42 d->arch.vmx_platform.shared_page_va = (unsigned long)p; 5.43
6.1 --- a/xen/common/domain.c Mon Nov 14 12:28:47 2005 +0100 6.2 +++ b/xen/common/domain.c Mon Nov 14 15:21:16 2005 +0100 6.3 @@ -125,18 +125,27 @@ void domain_kill(struct domain *d) 6.4 } 6.5 6.6 6.7 -void domain_crash(void) 6.8 +void domain_crash(struct domain *d) 6.9 { 6.10 - printk("Domain %d (vcpu#%d) crashed on cpu#%d:\n", 6.11 - current->domain->domain_id, current->vcpu_id, smp_processor_id()); 6.12 - show_registers(guest_cpu_user_regs()); 6.13 - domain_shutdown(SHUTDOWN_crash); 6.14 + if ( d == current->domain ) 6.15 + { 6.16 + printk("Domain %d (vcpu#%d) crashed on cpu#%d:\n", 6.17 + d->domain_id, current->vcpu_id, smp_processor_id()); 6.18 + show_registers(guest_cpu_user_regs()); 6.19 + } 6.20 + else 6.21 + { 6.22 + printk("Domain %d reported crashed by domain %d on cpu#%d:\n", 6.23 + d->domain_id, current->domain->domain_id, smp_processor_id()); 6.24 + } 6.25 + 6.26 + domain_shutdown(d, SHUTDOWN_crash); 6.27 } 6.28 6.29 6.30 void domain_crash_synchronous(void) 6.31 { 6.32 - domain_crash(); 6.33 + domain_crash(current->domain); 6.34 for ( ; ; ) 6.35 do_softirq(); 6.36 } 6.37 @@ -178,10 +187,9 @@ static __init int domain_shutdown_finali 6.38 __initcall(domain_shutdown_finaliser_init); 6.39 6.40 6.41 -void domain_shutdown(u8 reason) 6.42 +void domain_shutdown(struct domain *d, u8 reason) 6.43 { 6.44 - struct domain *d = current->domain; 6.45 - struct vcpu *v; 6.46 + struct vcpu *v; 6.47 6.48 if ( d->domain_id == 0 ) 6.49 {
7.1 --- a/xen/common/schedule.c Mon Nov 14 12:28:47 2005 +0100 7.2 +++ b/xen/common/schedule.c Mon Nov 14 15:21:16 2005 +0100 7.3 @@ -267,7 +267,7 @@ long do_sched_op(int cmd, unsigned long 7.4 { 7.5 TRACE_3D(TRC_SCHED_SHUTDOWN, 7.6 current->domain->domain_id, current->vcpu_id, arg); 7.7 - domain_shutdown((u8)arg); 7.8 + domain_shutdown(current->domain, (u8)arg); 7.9 break; 7.10 } 7.11
8.1 --- a/xen/include/asm-ia64/vmx_vpd.h Mon Nov 14 12:28:47 2005 +0100 8.2 +++ b/xen/include/asm-ia64/vmx_vpd.h Mon Nov 14 15:21:16 2005 +0100 8.3 @@ -122,7 +122,7 @@ extern unsigned int opt_vmx_debug_level; 8.4 do { \ 8.5 printk("__vmx_bug at %s:%d\n", __FILE__, __LINE__); \ 8.6 show_registers(regs); \ 8.7 - domain_crash(); \ 8.8 + domain_crash(current->domain); \ 8.9 } while (0) 8.10 8.11 #endif //__ASSEMBLY__
9.1 --- a/xen/include/xen/sched.h Mon Nov 14 12:28:47 2005 +0100 9.2 +++ b/xen/include/xen/sched.h Mon Nov 14 15:21:16 2005 +0100 9.3 @@ -220,14 +220,15 @@ extern int set_info_guest(struct domain 9.4 struct domain *find_domain_by_id(domid_t dom); 9.5 extern void domain_destruct(struct domain *d); 9.6 extern void domain_kill(struct domain *d); 9.7 -extern void domain_shutdown(u8 reason); 9.8 +extern void domain_shutdown(struct domain *d, u8 reason); 9.9 extern void domain_pause_for_debugger(void); 9.10 9.11 /* 9.12 - * Mark current domain as crashed. This function returns: the domain is not 9.13 - * synchronously descheduled from any processor. 9.14 + * Mark specified domain as crashed. This function always returns, even if the 9.15 + * caller is the specified domain. The domain is not synchronously descheduled 9.16 + * from any processor. 9.17 */ 9.18 -extern void domain_crash(void); 9.19 +extern void domain_crash(struct domain *d); 9.20 9.21 /* 9.22 * Mark current domain as crashed and synchronously deschedule from the local